OS X El Capitan Review Part 3 – SIP

As you know Apple has always paid much attention to data security of its users. Sometimes even protecting them from themselves, making a closed system for mobile devices. Recently, Apple still paid more attention to security with the release of iPhone 5S (Secure). Now guys from Cupertino switched to OS X.

If iOS originally was a completely closed system bypassing which was possible only with the help of jailbreak. Right after the installation of which you could forget about all Apple online services. Mac OS X was different. It was very simple and seemed closed for an ordinary user, but you can get full access to your Mac if you are an advanced user. No need to conflict with Apple system.

New Mac OS El Capitan can be a game changer.

From a security perspective Mac OS X and Linux systems are in a better position than Windows for two main reasons:

1) File system and lack of registry make Mac OS environment unfavorable to spread viruses.
If you install applications on Windows, the program registers itself in a bunch of different places allowing malicious software to spread throughout the system, while applications on Mac OS X are often localized in one place, especially after the introduction of Softbox AppStore applications rules that limits the developers but protect users.

2) The prevalence of Mac OS X is much lower than Windows, which makes a creation of malicious software unproductive.

However, since Mac OS is a descendant of Unix system, it inherited basic vulnerability of the ancestor. If the user is “root” – one can get access to absolutely everything in the systems.

Immediately it should be noted that there is no point to fear applications downloaded from the App Store. Apart from the fact that they are carefully checked before publication by Apple moderators, developers are in strict accordance with the conditions that must meet their apps. Therefore, there is no AppStore application that uses “root”.

However, frequently, there are applications that cannot damage the system, while not satisfy the requirements of AppStore. They are distributed via the Internet and anyone without any problems could download and install them. It is only necessary to allow the system to run applications downloaded from the Internet.

With El Capitan developers introduced the concept of System Integrity Protection (SIP for short). Now root privileges will not be available to all users with the Admin privileges, therefore, even contacting your MAC OS X malware it can not cause substantial harm to the system.

The principle of SIP operation is quite simple – neither users nor applications or processes can record or edit files in the / bin, / sbin and / user directories, which are hidden by default. When installing the El Capitan, it just removes all of these folders with third-party content, producing a kind of a system cleanup. The only parts that will have access to the above directories – built installer of OS X and software update service.

What do we get as a result?

For users who are quite satisfied with applications present in AppStore applications – absolutely nothing will change.

For users who sometimes download their applications from the Internet, there may be problems. Probably El Capitan will allow you to run applications with certificates from Apple. That is, those that fall under the filter “Mac App Store and identified developers”, but the ability to run non-certified applications probably will be gone.

Screen Shot 2015-08-04 at 3.00.22 PM

But do not despair, as these innovations are aimed primarily at the corporate segment, so SIP system can be turned off. To do this, you need to load the operating system in recovery mode, hold down ⌘ + R at startup, and in the menu “Tools” select “Security Settings.” In the resulting window uncheck “Include System Integrity Protection”, and then boot the system as usual. Unfortunately, developers have reported that some of the features of their products still do not work (yet).

Soon we tell you more about the upcoming update, so stay tuned!

Prepare your Mac for El Capitan with Nektony utilities.